The event is for college students; the competition is being developed and this is a sort of test run for it. If you are interested, there will be a spring competition starting April 30th. It seems like the focus is on US universities and colleges.
http://www.nationalcyberleague.org/2...g/spring.shtml
I'm taking part in a security competition as part of a class, and on Nov 3 we will be doing log analysis. What the teacher is teaching seems woefully inadequate, so I'm wondering if all y'all have any tips.
Here is what we will be covering:
Windows Security Log (10 flags, totaling 2,800 points)
Corrupt Windows Security Log (10 flags, totaling 7,600 points)
Linux Authentication Log (10 flags, totaling 2,800 points)
Corrupt Linux Authentication Log (10 flags, totaling 7,600 points)
Apache Logs (5 flags, totaling 1,200 points)
Network Data Capture (5 flags, totaling 8,000)
What events in Linux logs would signify a potential intrusion attempt, or intrusion? What are some events to look for that are common in intrusion attempts (for example adding a user account)? How do I know what a particular line in the logs means?
The part that I have no clue on is Corrupt Logs; any ideas on what or how to restore/retrieve information from corrupt logs? Even links pointing elsewhere to learn will be helpful. It might be on inconsistency within the log (such as two logins without logging out [assuming both logins and logouts are recorded]); what might signal that?
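An added example, not part of the original posts: one way to triage a Linux authentication log for the events asked about above (failed logins followed by a success, new accounts, and login/logout pairs that do not match), while recording damaged lines instead of stopping on them. The sample lines are constructed, and the `analyze` name and the threshold of 3 failures are assumptions made for illustration.

```python
import re
from collections import Counter

# Constructed sample in the usual sshd / PAM / useradd syslog layout; line 10 is damaged.
SAMPLE = """\
Nov  3 10:01:02 web1 sshd[1234]: Failed password for root from 203.0.113.5 port 4242 ssh2
Nov  3 10:01:04 web1 sshd[1234]: Failed password for invalid user admin from 203.0.113.5 port 4243 ssh2
Nov  3 10:01:07 web1 sshd[1236]: Failed password for alice from 203.0.113.5 port 4244 ssh2
Nov  3 10:01:09 web1 sshd[1240]: Accepted password for alice from 203.0.113.5 port 4250 ssh2
Nov  3 10:01:09 web1 sshd[1240]: pam_unix(sshd:session): session opened for user alice by (uid=0)
Nov  3 10:03:00 web1 useradd[1300]: new user: name=backup2, UID=1001, GID=1001, home=/home/backup2, shell=/bin/bash
Nov  3 10:04:10 web1 sshd[1310]: pam_unix(sshd:session): session opened for user bob by (uid=0)
Nov  3 10:06:00 web1 sshd[1310]: pam_unix(sshd:session): session closed for user bob
Nov  3 10:07:00 web1 sshd[1400]: pam_unix(sshd:session): session closed for user carol
Nov  3 10:0#@@@ sshd[14
"""

LINE = re.compile(r"^(\w{3}\s+\d+ [\d:]{8}) (\S+) ([\w.-]+)\[(\d+)\]: (.*)$")
FAILED = re.compile(r"Failed password for (?:invalid user )?(\S+) from (\S+)")
ACCEPT = re.compile(r"Accepted \S+ for (\S+) from (\S+)")
SESSION = re.compile(r"session (opened|closed) for user (\w+)")
NEWUSER = re.compile(r"new user: name=([^,]+)")

def analyze(text, threshold=3):  # threshold: assumed cut-off for "many failures"
    fails, open_sessions = Counter(), {}
    report = {"unparsed": [], "new_users": [], "brute_then_login": [],
              "close_without_open": [], "never_closed": []}
    for n, raw in enumerate(text.splitlines(), 1):
        m = LINE.match(raw)
        if not m:
            report["unparsed"].append(n)  # damaged line: note its number, keep going
            continue
        _ts, _host, prog, pid, msg = m.groups()
        if f := FAILED.search(msg):
            fails[f.group(2)] += 1  # count failures per source address
        elif a := ACCEPT.search(msg):
            if fails[a.group(2)] >= threshold:  # success after repeated failures
                report["brute_then_login"].append((a.group(1), a.group(2)))
        elif s := SESSION.search(msg):
            key = (prog, pid, s.group(2))  # open and close share process id and user
            if s.group(1) == "opened":
                open_sessions[key] = n
            elif open_sessions.pop(key, None) is None:
                report["close_without_open"].append((s.group(2), n))
        elif u := NEWUSER.search(msg):
            report["new_users"].append(u.group(1))
    report["never_closed"] = sorted((k[2], n) for k, n in open_sessions.items())
    return report
```

A close with no matching open points to lines missing earlier in the file, while an open with no close may only mean the session was still active when the log was captured, so check it against the last timestamp in the file.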